Privacy Policy
Last updated: 21 June 2026
This Privacy Policy explains how MintCards (“MintCards”, “we”, “us”) processes personal data when you use our website, join our waitlist, or use the MintCards app for buying, collecting, valuing and selling trading cards. It is provided under Articles 13–14 of the EU General Data Protection Regulation (GDPR).
Who is the data controller
The data controller is MintCards S.r.l., Via Sulmona 11/2, 20139 Milano (MI), Italy — VAT/P.IVA 14730450963. For any privacy request, contact privacy@mintcardsapp.com.
What data we collect
- Account — email address and name.
- Waitlist — email address and the marketing consent you give.
- Vendor profile (sellers/stores) — tax identifiers, business and address details.
- Commerce — orders, collection contents, wallet movements.
- Logistics — shipment and inspection records.
- Payments & payouts — metadata from Stripe (we do not store full card numbers).
- Card scans — images you capture to identify a card. These are used to recognise the card; they are not used for biometric identification and are not biometric data.
- Technical — strictly-necessary session/language data and privacy-friendly, cookieless usage statistics.
Why we use it and the legal basis
- Provide the service (accounts, buy/collect/sell, wallet, scan) — performance of a contract.
- Payments, invoicing, fraud prevention, tax & AML — legal obligation and legitimate interest.
- Marketing & the launch waitlist — your consent, which you can withdraw at any time.
- Security and improving the service — legitimate interest.
Who we share data with
We use carefully selected processors: Stripe (payments, Connect KYC, payouts), our e-invoicing/SDI provider (electronic invoicing under Italian law), Brevo (waitlist and email delivery), Cloudflare (content delivery and cookieless analytics), our website host, and an error-tracking provider (pseudonymised). We do not sell your personal data.
International transfers
Where a provider processes data outside the EEA, transfers are covered by adequacy decisions or Standard Contractual Clauses.
How long we keep it
- Account data: until you ask us to delete it, plus a short grace period.
- Wallet and fiscal records: up to 10 years (legal obligation).
- Waitlist data: until you unsubscribe or we launch and migrate you to an account.
- Notifications: 6 months. Security/audit logs: 12 months.
Your rights
You can request access, a copy (portability), correction, restriction, erasure, and object to processing based on legitimate interest; you can withdraw consent at any time. Write to privacy@mintcardsapp.com. You also have the right to lodge a complaint with the Italian Garante per la protezione dei dati personali.
Cookies
We use only strictly-necessary cookies (session and language) and cookieless analytics, so we do not show a cookie banner. See our Cookie Policy.
Children
MintCards is not directed to children under 16. We do not knowingly collect their data.
Changes
We may update this policy; we will post the new version here with a revised date.